Tuesday, 7 May 2013

Something evil on 151.248.123.170, Part III

I've covered 151.248.123.170 (Reg.ru, Russia) a couple of times in the past month [1][2], and it's still actively pushing out malware via dynamic DNS domains, many of which are injection attacks on hacked sites.

There are hundreds or possibly thousands of malicious domains on this IP. Blocking them individually is likely to be problematic; the best approach is to block all traffic to 151.248.123.170 or to the Dynamic DNS domains involved, although this might potentially block access to some legitimate sites.